IT governance has always been a challenge for corporate technology organizations and best practice frameworks—such as the process-focused COBIT or service level-oriented ITIL —can deliver much-needed operational rigor.

But not always.

IT benchmarking and analytics firm Compass recently analyzed 15 client engagements over the past two years and found that while some IT organizations had pockets of maturity, by and large the process improvement tools embraced by CIOs to improve IT efficiency often yield limited—and potentially negative—results.

Compass found that it was often an external IT service provider implementing the ITIL and COBIT practices. "It's typically the outsourcers who have the process expertise," says Chris Pfauser, a principal at Compass Management Consulting, an ISG company. "Service providers push process improvement initiatives because it allows them to drive repeatability and standardization across multiple clients, and thereby deliver services more efficiently. Mature, repeatable processes are also often an area where clients really struggle and outsourcing can be a path to mature and even transform their processes internally and with the business."

Don't Do ITIL for the Sake of It

Unfortunately, most of the time these process improvement efforts are implemented in isolation from the business simply for the sake of certification or compliance, says Pfauser. As a result, the business is not sufficiently engaged for the governance initiative to succeed. "Clients will bring a service provider in and ask them to 'implement ITIL,' and then assume their job is done," Pfauser says. "[But] if the changes are imposed by a third party, there's little incentive for the client-and especially the business-to be compliant. The initiative becomes a set of bothersome rules and procedures to follow with no apparent benefit.

Even worse, Pfauser says he's seen many cases were "process improvement" was limited to defining rules and guidelines. "This can lead to a 'hot potato' culture that focuses on documenting activity, following the rules, and passing tasks down the line, rather than on getting things done," he says. "True enterprise-wide process maturity is characterized by clear activities, functions, roles and responsibilities, which enable the IT organization to quickly address performance issues, identify root causes and prevent recurring problems."

And while these process improvement efforts on paper enable the outsourcing provider to standardize and rationalize service delivery across multiple customers efficiently and cost effectively, that ROI may never materialize. "If you don't have that client buy-in, what typically happens is that the service provider ends up having to circumvent the process rules in order to get things done, resulting in duplication of effort and increased costs."

IT Has to Drive Process Improvement

Process improvement initiatives can work in an outsourced environment, says Pfauser, but the customer has to take the wheel. "The client-retained organization must drive the change with the service provider and establish effective controls and governance to make it successful." The must also focus on the big picture rather than simply defining rules and reporting results. "Top-performing organizations are refining their metrics and key performance indicators to measure the end-to-end process and improve results rather than simply track activity. "

Mature IT governance processes, Pfauser notes, are more important than ever, adds Pfauser. Process discipline is required effective demand management I an era of cloud computing and utility pricing models. A clearly defined service catalog that lays out the cost and composition of each unit of IT service allows the business to see what's being consumed and enables IT to see what's being delivered-and manage their IT usage accordingly, says Pfauser.